Welcome to ISAserver.org

WPAD w/2 internal networks

WPAD w/2 internal networks - 14.Sep.2005 8:27:00 AM   
vamram

 

Posts: 44
Joined: 19.Dec.2003
Status: offline
We have a tri-homed ISA 2004 w/the NICs configured as follows: 1 default External, 1 default Internal, and 1 custom internal (Dev).

The corporate AD, DNS, Exchange, f&p, etc. are on the Internal segment. I also have a WPAD record in the Internal DNS as well as the DHCP 252 option defined.

The WPAD entry points to the ISA's Internal segment NIC, 172.16.1.1/24.

The Dev network, however, is on a different network, so I have the FWC configured to point to the auto-configuration script as:

http://192.168.1.1:8080/array.dll?Get.Routing.Script

where 192.168.1.1 is the IP address of the ISA's Dev segment NIC, and to configure the web proxy settings to point to 192.168.1.1:8080.

How should I configure the FWC for this segment? Should I enable Auto-discovery? If I do, the WPAD response will be to an address on another network (Internal ISA NIC) so that doesn't seem correct.

In a nutshell, I'm trying to get auto-discovery to function correctly on the 2nd internal (Dev) network.

Suggestions?

Thanks in advance! [Razz]
Post #: 1
RE: WPAD w/2 internal networks - 15.Sep.2005 9:31:00 AM   
ISA_baby

 

Posts: 19
Joined: 17.Jun.2005
From: Cape Town
Status: offline
Hi,
Got your mail [Smile]
I'm taking a guess here that it may be due to your DNS settings on your NICs registering the host name in DNS. I would uncheck these options and possibly create a second host record or CNAME for your ISA box. DHCP is probably getting confused due to that.
Good Luck,
ISA_baby

(in reply to vamram)
Post #: 2
RE: WPAD w/2 internal networks - 15.Sep.2005 5:45:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hey guys,

I've started the testing of a similar configuration (internal and perimeter). The DNS autodetect works for me but the content of the wpad.dat file is wrong. It points to the web proxy listener on the internal interface instead of pointing to the web proxy listener on the perimeter interface.

Hmm... need to do some further testing! [Wink]

HTH,
Stefaan

(in reply to vamram)
Post #: 3
RE: WPAD w/2 internal networks - 30.Sep.2005 8:30:00 AM   
vamram

 

Posts: 44
Joined: 19.Dec.2003
Status: offline
Stefaan -

Got the answer. You have to create a 2nd A record for your ISA server. Then, make sure Netmask Ordering is enabled in your AD DNS. Based on this, the clients on the other segment will get the correct address when they resolve the wpad record.

Works like a charm!

Thanks!

[Cool] JQ

(in reply to vamram)
Post #: 4
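A simplified model of the fix described in the post above, added here as an example and not part of the original thread: with two A records for the ISA host and netmask ordering enabled, the DNS server lists the address on the client's own subnet first. The /24 comparison mask, the function names and the client addresses are assumptions for illustration; the two record addresses are the ISA NIC addresses given in the first post.

```python
import ipaddress

# Constructed sample data using the addresses mentioned in the thread:
# two A records for the ISA host, one per internal NIC.
ISA_A_RECORDS = ["172.16.1.1", "192.168.1.1"]


def netmask_order(records, client_ip, prefix_len=24):
    """Return records with those in the client's subnet moved to the front.

    Simplified model of DNS netmask ordering: the server compares the
    querying client's address with each A record under a mask (assumed /24
    here) and lists same-subnet addresses first. Relative order within each
    group is preserved; a real server may rotate the remainder.
    """
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    local, remote = [], []
    for rec in records:
        (local if ipaddress.ip_address(rec) in client_net else remote).append(rec)
    return local + remote


def wpad_target(records, client_ip, prefix_len=24):
    """Address a client would use: the first record in the ordered answer."""
    return netmask_order(records, client_ip, prefix_len)[0]


def audit(records, clients, prefix_len=24):
    """Map each client to (first address, whether it is on the client's subnet)."""
    result = {}
    for client in clients:
        first = wpad_target(records, client, prefix_len)
        net = ipaddress.ip_network(f"{client}/{prefix_len}", strict=False)
        result[client] = (first, ipaddress.ip_address(first) in net)
    return result


if __name__ == "__main__":
    # Hypothetical clients: one on Internal, one on Dev, one on neither segment.
    sample_clients = ["172.16.1.50", "192.168.1.77", "10.0.0.5"]
    for client, (addr, local) in audit(ISA_A_RECORDS, sample_clients).items():
        print(f"{client:>14} -> {addr:<12} same-subnet={local}")
```

Running `audit` with only the single original record shows the problem from the first post: the Dev client is handed an address on the Internal segment and is flagged as not same-subnet.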
RE: WPAD w/2 internal networks - 30.Sep.2005 8:32:00 AM   
vamram

 

Posts: 44
Joined: 19.Dec.2003
Status: offline
PS, thanks ISA_Baby. You were on the right track!

(in reply to vamram)
Post #: 5
RE: WPAD w/2 internal networks - 30.Sep.2005 2:09:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Johnny,

yep, that's a good *workaround*. However, it doesn't solve the fundamental problem itself. [Wink]

Because ISA supports multinetworking and the UI does give a strong indication that you can create autoconfig information on a per network basis, I consider this a bug. Therefore, I made a support call to Microsoft. Here is the answer from Microsoft PSS:
quote:
Hi Stefaan,

I have been discussing this issue with the ISA product team and the WPAD Proxy server listed is based on the machine's domain association, regardless of the network where this data is sent. This is by design with no plans to change this for the current version but will be considered in future releases.

Thanks,
Tom Sampson
Microsoft
EMEA GTSC - DSI - Specialist Support Engineer Microsoft Product Support Services

HTH,
Stefaan

(in reply to vamram)
Post #: 6
RE: WPAD w/2 internal networks - 4.Oct.2005 7:30:00 AM   
vamram

 

Posts: 44
Joined: 19.Dec.2003
Status: offline
Stefaan,

I'm not sure I understand how that's a bug, though. If DNS netmask ordering resolves the issue, which it did for us since the wpad record is a cname so each segment gets the correct IP for the ISA?

Gotta say I'm confused. Stranger things have happened, though. [Razz]

PS, I'll be posting another MS bug admission elsewhere here....

JQ

(in reply to vamram)
Post #: 7
